Abstract: A method of performing operations by a processor of a computer terminal, includes determining an operation system (OS) speed scaling gain used by the OS to transform mouse movement data, which is received from a mouse device via a device interface circuit, into mouse speed data that controls positioning of a mouse pointer relative to pixel locations on a display device. A computer terminal identifier is generated based on the OS speed scaling gain. A computer identification message containing the computer terminal identifier is communicated through a network interface circuit. Related computer terminals and computer authentication nodes are disclosed.

Abstract: A method includes determining, within a plurality of feature vectors corresponding to a plurality of transactions, a correlation between values of particular features in the plurality of feature vectors that distinguish at least a subset of the transactions as fraudulent. Each feature vector comprises a plurality of features having values that describe the feature vector's corresponding transaction. The method further includes generating a triggering criteria for identifying suspicious transactions based on the values of the particular features. The method additionally includes, in response to receiving a request to approve a new transaction, determining that attributes of the new transaction meet the triggering criteria, and transmitting a request for authentication of an account holder associated with the new transaction.

Abstract: A method includes determining, for each device in a first set of devices associated with a fraudulent transaction initiated by a plurality of flagged accounts, a suspicion score based on a number of fraudulent transactions associated with the device. The method also includes determining a relationship between each device in the first set and other devices in a second set that have initiated at least one legitimate transaction using at least one of the plurality of flagged accounts. The method further includes determining, for each device in the second set, an average suspicion score based on the suspicion score for each device in the first set that is related to the device in the second set. The method still further includes determining that the average suspicion score for a particular device in the second set is above a threshold, and blocking a pending transaction involving the particular device.

Abstract: In one embodiment, a transaction associated with a first device is identified. Based on the transaction, a first device signature for the first device is determined. A plurality of known device signatures associated with a plurality of known devices is accessed. A plurality of signature transition features between the plurality of known device signatures and the first device signature is identified, wherein each signature transition feature comprises a transition from an attribute of a known device signature to a corresponding attribute of the first device signature. A classification model is then applied to the plurality of signature transition features. Based on an output of the classification model, a plurality of device match probabilities indicating whether the first device is one of the plurality of known devices is obtained. The identity of the first device is then determined based on the plurality of device match probabilities.

Abstract: Identifying a communication source includes receiving a message from a client computer requesting access to a computer-based resource; and receiving, a network signature from the client computer, wherein the network-related signature comprises a value representing how many routing devices are on a network path between the client computer and a predetermined computer. Also included is determining whether the vector of values matches a vector of stored values, each stored value potentially corresponding to a respective one of the values in the vector of values; and limiting access to the computer-based resource based at least in part on the vector of values not matching the vector of stored values.

Abstract: A method of performing operations by a processor of a computer terminal, includes determining an operation system (OS) speed scaling gain used by the OS to transform mouse movement data, which is received from a mouse device via a device interface circuit, into mouse speed data that controls positioning of a mouse pointer relative to pixel locations on a display device. A computer terminal identifier is generated based on the OS speed scaling gain. A computer identification message containing the computer terminal identifier is communicated through a network interface circuit. Related computer terminals and computer authentication nodes are disclosed.

Abstract: A method of performing operations by a processor of a computer terminal, includes determining an operation system (OS) speed scaling gain used by the OS to transform mouse movement data, which is received from a mouse device via a device interface circuit, into mouse speed data that controls positioning of a mouse pointer relative to pixel locations on a display device. A computer terminal identifier is generated based on the OS speed scaling gain. A computer identification message containing the computer terminal identifier is communicated through a network interface circuit. Related computer terminals and computer authentication nodes are disclosed.

Abstract: A historical repository of UE identifiers associated with sets of prior mean values and prior standard deviation values, is maintained. A browser request message is received from a web browser on a suspect UE and requests access to an electronic resource. An identification challenge message is sent toward the web browser and contains a hash script configured to be processed by the web browser to hash a challenge data set and to report a measurement of elapsed hashing time. A device identification report is received from the web browser and contains a terminal signature tuple of a reported UE identifier and the elapsed hashing time. A posterior probability value indicating a likelihood that the suspect UE corresponds to a genuine UE identified by the reported UE identifier, is generated. Whether the suspect UE is permitted to access the electronic resource is controlled based on the posterior probability value.

Abstract: Identifying a communication source includes receiving a message from a client computer requesting access to a computer-based resource; and receiving, a network signature from the client computer, wherein the network signature comprises a vector of values, each value representing a transit time between adjacent routing devices on a network path between the client computer and a predetermined computer. Also include is determining whether the vector of values matches a vector of stored values, each stored value potentially corresponding to a respective one of the values in the vector of values; and limiting access to the computer-based resource based at least in part on the vector of values not matching the vector of stored values.

Abstract: Identifying a communication source includes receiving a message from a client computer requesting access to a computer-based resource; and receiving, a network signature from the client computer, wherein the network-related signature comprises a value representing how many routing devices are on a network path between the client computer and a predetermined computer. Also included is determining whether the vector of values matches a vector of stored values, each stored value potentially corresponding to a respective one of the values in the vector of values; and limiting access to the computer-based resource based at least in part on the vector of values not matching the vector of stored values.

Abstract: A method by a content server includes maintaining a historical repository of terminal signature tuples received from computer terminals. Each of the terminal signature tuples contains a terminal identifier for a computer terminal and a terminal signature characterizing a measured operation by the computer terminal. An access request message is received from a source computer terminal and contains a terminal signature tuple. The terminal signature tuple in the access request message contains a terminal identifier for the source computer terminal and a terminal signature characterizing a measured operation by the source computer terminal. A posterior probability value is generated based on processing a combination of the terminal signature tuple contained in the access request message and the terminal signature tuples contained in the historical repository. The content server controls access for the access request message to a resource controlled by the content server based on the posterior probability value.

Abstract: A processor is coupled to a hierarchical memory structure which includes a plurality of levels of cache memories that hierarchically cache data that is read by the processor from a main memory. The processor is integrated within a computer terminal. The processor performs operations that include generating a hierarchical cache latency signature vector by repeating for each of a plurality of buffer sizes, the following: 1) allocating in the main memory a buffer having the buffer size; 2) measuring elapsed time for the processor to read data from buffer addresses that include upper and lower boundaries of the buffer; and 3) storing the elapsed time and the buffer size as an associated set in the hierarchical cache latency signature vector. The operations further include communicating through a network interface circuit a computer identification message containing computer terminal identification information generated based on the hierarchical cache latency signature vector.

Abstract: A processor is coupled to a hierarchical memory structure which includes a plurality of levels of cache memories that hierarchically cache data that is read by the processor from a main memory. The processor is integrated within a computer terminal. The processor performs operations that include generating a hierarchical cache latency signature vector by repeating for each of a plurality of buffer sizes, the following: 1) allocating in the main memory a buffer having the buffer size; 2) measuring elapsed time for the processor to read data from buffer addresses that include upper and lower, boundaries of the buffer; and 3) storing the elapsed time and the buffer size as an associated set in the hierarchical cache latency signature vector. The operations further include communicating through a network interface circuit a computer identification message containing computer terminal identification information generated based on the hierarchical cache latency signature vector.

Abstract: A historical repository of UE identifiers associated with sets of prior mean values and prior standard deviation values, is maintained. A browser request message is received from a web browser on a suspect UE and requests access to an electronic resource. An identification challenge message is sent toward the web browser and contains a hash script configured to be processed by the web browser to hash a challenge data set and to report a measurement of elapsed hashing time. A device identification report is received from the web browser and contains a terminal signature tuple of a reported UE identifier and the elapsed hashing time. A posterior probability value indicating a likelihood that the suspect UE corresponds to a genuine UE identified by the reported UE identifier, is generated. Whether the suspect UE is permitted to access the electronic resource is controlled based on the posterior probability value.

Abstract: A method by a content server includes maintaining a historical repository of terminal signature tuples received from computer terminals. Each of the terminal signature tuples contains a terminal identifier for a computer terminal and a terminal signature characterizing a measured operation by the computer terminal. An access request message is received from a source computer terminal and contains a terminal signature tuple. The terminal signature tuple in the access request message contains a terminal identifier for the source computer terminal and a terminal signature characterizing a measured operation by the source computer terminal. A posterior probability value is generated based on processing a combination of the terminal signature tuple contained in the access request message and the terminal signature tuples contained in the historical repository. The content server controls access for the access request message to a resource controlled by the content server based on the posterior probability value.

Abstract: A method of performing operations by a processor of a computer terminal, includes determining an operation system (OS) speed scaling gain used by the OS to transform mouse movement data, which is received from a mouse device via a device interface circuit, into mouse speed data that controls positioning of a mouse pointer relative to pixel locations on a display device. A computer terminal identifier is generated based on the OS speed scaling gain. A computer identification message containing the computer terminal identifier is communicated through a network interface circuit. Related computer terminals and computer authentication nodes are disclosed.

Abstract: A processor is coupled to a hierarchical memory structure which includes a plurality of levels of cache memories that hierarchically cache data that is read by the processor from a main memory. The processor is integrated within a computer terminal. The processor performs operations that include generating a hierarchical cache latency signature vector by repeating for each of a plurality of buffer sizes, the following: 1) allocating in the main memory a buffer having the buffer size; 2) measuring elapsed time for the processor to read data from buffer addresses that include upper and lower, boundaries of the buffer; and 3) storing the elapsed time and the buffer size as an associated set in the hierarchical cache latency signature vector. The operations further include communicating through a network interface circuit a computer identification message containing computer terminal identification information generated based on the hierarchical cache latency signature vector.